The LiveUpdate feature installed on ASUS devices queries the ASUS servers for new updates via unencrypted HTTP requests, easy to intercept and spoof.

On the other side of the query proces, the ASUS servers reply to these queries in HTTP as well, using obfuscated XML files, which are also easy to reverse-engineer and duplicate.

ASUS LiveUpdate doesn’t verify the validity of the response it receives from the server in any way, and it will also install any software it receives without checking its source or content.

Since LiveUpdate can deliver anything from USB drivers up to BIOS /UEFI firmware, an attacker only needs to have the patience to wait for a user’s laptop to query for updates before delivering their malicious code.

This isn’t finalized, but these are the proposed names that will substitute for the current placeholders (e.g., ununpentium, ununseptium). Nilhonium, Moscovium, and Tennesine are all named for places; Oganessen is named for the Russian physicist Yuri Oganessian.
But we all know scientists are bad at naming things, and we have until November to lobby for other names. Here are some suggestions

Microsoft Corp. (Nasdaq: MSFT) and LinkedIn Corporation (NYSE: LNKD) on Monday announced they have entered into a definitive agreement under which Microsoft will acquire LinkedIn for $196 per share in an all-cash transaction valued at $26.2 billion, inclusive of LinkedIn’s net cash. LinkedIn will retain its distinct brand, culture and independence. Jeff Weiner will remain CEO of LinkedIn, reporting to Satya Nadella, CEO of Microsoft. Reid Hoffman, chairman of the board, co-founder and controlling shareholder of LinkedIn, and Weiner both fully support this transaction. The transaction is expected to close this calendar year.

Reddit user FiletOfFish1066 just got fired from his programming job. The reason and circumstances will completely blow your mind, though. FiletOfFish1066 (FOF) worked at a well-known tech company in the Bay Area and for six full years did nothing except play League of Legends, browse Reddit, work out in a gym, and basically do whatever he felt like doing. Guess how much his company paid him to basically do nothing for a full six years? $95,000 per year on average.

APFS looks to be a major update over Apple’s old and creaky HFS+ file system, which has been around in one form or another for decades. It has been the subject of expansions and additions over the years, but HFS+ never approached the extensibility and flexibility of current next-generation file systems. Rather than continuing to bolt stuff onto the old code, we now (finally!) get a new file system that has some truly compelling features.

But now a Berkeley, California man wants to start a robust conversation among ethicists, philosophers, lawyers, and others about where technology is going—and what dangers robots will present humanity in the future. Alexander Reben, a roboticist and artist, has built a tabletop robot whose sole mechanical purpose is to hurt people. Reben hopes his Frankenstein gets people talking.

Two researchers from the University of Illinois at Urbana-Champaign have devised a method for turning vibration motors, like the ones found in smartphones, into makeshift microphones, capable of recording the sound around them.

Today’s launch of Firefox 47 means the E10S version, Firefox 48, has reached the beta stage. With Electrolysis, Firefox will finally be able to use two or more processes at once…. the main problem being that it breaks a lot of extensions

Craig Federighi gave his familiar nod to privacy, emphasizing that Apple doesn’t assemble user profiles, does end-to-end encrypt iMessage and Facetime and tries to keep as much computation as possible that involves your private information on your personal device rather than on an Apple server. But Federighi also acknowledged the growing reality that collecting user information is crucial to making good software, especially in an age of big data analysis and machine learning. The answer, he suggested rather cryptically, is “differential privacy.”